rfc-9765

RADIUS/1.1: Leveraging Application-Layer Protocol Negotiation (ALPN) to Remove MD5

A. DeKok

date2025-04 streamIETF areasec wgradext statusEXPERIMENTAL pages31 canonicalhttps://www.rfc-editor.org/rfc/rfc9765 doi10.17487/RFC9765

This document defines Application-Layer Protocol Negotiation (ALPN) extensions for use with RADIUS/TLS and RADIUS/DTLS. These extensions permit the negotiation of an application protocol variant of RADIUS called "RADIUS/1.1". No changes are made to RADIUS/UDP or RADIUS/TCP. The extensions allow the negotiation of a transport profile where the RADIUS shared secret is no longer used, and all MD5-based packet authentication and attribute obfuscation methods are removed. This document updates RFCs 2865, 2866, 5176, 6613, 6614, and 7360.

updates

rfc-2865 — Remote Authentication Dial In User Service (RADIUS)
rfc-2866 — RADIUS Accounting
rfc-5176 — Dynamic Authorization Extensions to Remote Authentication Dial In User Service (RADIUS)
rfc-6613 — RADIUS over TCP
rfc-6614 — Transport Layer Security (TLS) Encryption for RADIUS
rfc-7360 — Datagram Transport Layer Security (DTLS) as a Transport Layer for RADIUS